System Administration on one of those???

Date September 9, 2010

I do have a confession to make. It's not a confession that should require the services of the clergy, but a lot of people have been surprised when I've told them about it.

I have an iPad.

There are lots of good arguments against it becoming the ubiquitous computing platform, however as a standalone interface, I've found it to be a pretty good tool that's useful in more ways than I imagined before I bought it.

Honestly, one of the ways that it has surprised me is how useful it is in meetings. If I needed to research something, I'd have to do it on a laptop. Then if I wanted to show someone, I'd turn the laptop around, and it would be on the screen. Now, with the iPad, I hand it to them. It seems like such a small insignificant difference, but there's a visceral change when you hold a piece of information in your hands literally. It has both literal and figurative weight.

Of course, if it were just a web browser, it would be a novelty. The key is that you can install apps on it. Yes, there are lots of problems with the app store (and their app approval methods), and a lot of the apps in the store are rubbish, but there are some gems in there as well.

Deep down at the very bottom of my sysadmin heart, I'm pragmatic. If something works, I use it. If not, I don't. The iPad works for what I use it for, so I use it. Also, I absolutely love Harbor Master.

So aside from web browsing, what can the iPad do for us in our job roles? As it turns out, quite a lot, provided we abide by some ground rules that are enforced by the limitations of the device.

  1. No tactile keyboard
  2. If you want to type a significant amount, you need a bluetooth keyboard, which severely limits the mobility of the device.

  3. The resolution is fixed.
  4. If you attempt to access resources with higher resolutions, the display will either scale (and become nigh unreadable) or you will scroll

  5. The only VPN access on the iPad is for a Cisco ASA-series SSL VPN.
  6. If you want to access corporate resources, you need an Adaptive Security Appliance from Cisco, or you need to be on your internal network via wifi, or you need to have your corporate resources available over the internet.
    OK, as many people have pointed out, I was basing my words on old information. Apparently it's not just SSL, it's also IPSec, and it's not just Cisco. That being said, I've heard of many, many problems from many vendors who aren't Cisco. I've personally got Juniper Netscreens, and have never heard of anyone getting a VPN to work using this. Your Mileage May Vary.

That last one is the killer for me. It essentially means that I can only use the tools on my iPad while I'm at work. Lots of people have the Cisco hardware and licenses to make the VPN work, though, and there are a decent number of people doing business on the public cloud, in which case the tools may be handy. If so, great! Just be warned about what you're up against.

So now that you know whether or not you can use the apps, what apps should you get? There are tons. Over 250,000. Lots of them are crap, though. Even ignoring the stupid fart apps, what makes a sysadmin-related app good? In my mind, there are a few things to look for.

  1. It doesn't see itself as the center of the world
  2. There are a lot of apps I've seen that do very useful things, except that they make big assumptions. Computer Inventory is a great example. Having an app on the iPad that could enter information into your asset database would be great! Unfortunately, Computer Inventory writes to an internal database. As far as I can tell, you can't even export it to a CSV file. Lovely.

    Much better would be Decision Manager, which ties into OCS / GLPI, which is software you run on an inventory server. This app does have the disadvantage of being written in French, but even so, it's still more useful than a piece of software which can't export the information entered into it.

  3. It doesn't do things wholly unfit for a mobile device
  4. Would you use a pocket camera to do security monitoring of your front door? Of course not, you want to carry it with you, and it's not set up to do the kind of continual feed that is useful for that anyway.

    So why, then, are there so many crappy network monitors that do monitoring from the iPad? If you're doing network monitoring from your iPad, trust me, you're doing it wrong.

    Instead, use something like TouchMon for Nagios or iPRTG for PRTG. These are apps which connect to the dedicated servers already running on your network and display the information locally.

    The strength of the mobile device is that it's mobile, not that it's a computing powerhouse.

  5. If you're going to pay for an app, make sure it does something worth paying for
  6. Would you pay a buck for an app that does nothing except lets you query whois? Me neither. But someone wrote it and charges that for it. That's pretty miserable. There are a plethora of other apps that do the same thing, some of them with added functionality that's also very basic. Network Ping, for instance, will let you ping, traceroute, telnet, and even ping a subnet. Of course, it's $4, and that seems expensive to me for something that I can do at a shell prompt.

    I don't want to use this blog to advocate anything illegal, and fortunately, I don't have to. I recommend jailbreaking your iPad. Yes, it's unsupported, but it's also easy to do, and it's easy to reverse. Doing so gives extra functionality to your device, and allows you to install software that you're probably going to be very familiar with, at least if you're a UNIX/Linux admin. All of the functionality of the $4 app above (and way, way more) is available via the command line utilities that do the same thing. They just need installed using Cydia or one of the other software installers available to a jailbroken iOS device.

There are some apps that I've installed and use, and there are others that people have recommended to me on twitter. I can't personally speak for all of them, but they sound useful and good for the most part. Several of them do similar things, so I'll try to group them by utility.

Remote Access (terminal)
iSSH is the gold standard for remote terminal apps. It includes "VT100, VT102, VT220, ANSI, xterm, and xterm-color terminal emulator over SSH and telnet, integrated with a tunneled X server and VNC client". Say it with me..."that's hot".

The existence of good terminal emulators hasn't stopped people from solving specialized problems, sometimes very cleanly. MyRouters Pro, for instance, simplifies logging in to your Cisco routers and devices. It supports multiple concurrent connections and also macros. Interesting sounding software!

Remote Access (GUI)
Desktop Connect is a pretty smooth looking single pane of glass for RDP and VNC. At $15, it's expensive, but not as expensive as solutions like iTap RDP and iTap VNC, each of which are $12.

Coming in at $15 as well is the Wyse PocketCloud Remote Desktop. It seems to be the market leader, in terms of remote desktop solutions, and from the screenshots, you can see why. The unique mouse pointer menu system looks handy, and while I haven't shelled out money for one of these solutions yet, if I did, it would be for this one.

As far as I can tell, LogMeIn Ignition is a remote desktop solution, but only for Macs. I was under the mistaken impression that LogMeIn Ignition was Mac-only, but it has been pointed out to me that this is not the case. In fact, according to commenter Dan, the pro version includes some pretty sweet Windows-specific things, too. Check out the user guide for more details.

Remote Control
Sometimes, all you want is to control the screen in front of you. Having a keyboard and mouse on your couch is bulky and uncomfortable. Having one for every machine attached to a NOC display may not be possible. The software I use for my media-PC-sans-keyboard-and-mouse problem is Mobile Mouse. Essentially, it lets the iPad function like a giant touchscreen, and it works great. At $3, it's slightly cheaper than the other option I found out about, creatively called touchpad, which costs $5.

Service & Solution Administration
Citrix caught on to the remote desktops pretty quickly and wrote Citrix Receiver to fill the need for an iPad app to access your network-based machines simply.

If you've got a Rackspace server (or several), you may already know about Rackspace Cloud Pro, an app that allows you to manage your servers and storage.

I don't run Mac servers anymore. They're too...well...weird, for my tastes (at least, the old headless Xserve compute nodes we had were). If I did still run macs, You can bet that I'd have this app. It's Server Admin Remote, which manages the services as though you were sitting at the administrative console in Server Manager.

Troubleshooting
UDP Tools is a cool idea. It's sort of like a graphical netcat which only does UDP. There's also one for TCP, but that's called "telnet" ;-)

syslogger is a tool which allows you to send a syslog message to the syslog server of your choice. It only speaks UDP, but assuming you've got syslog listening for remote connections, you can spit out messages at it from your iPad using this.

I'm not usually a fan of crappy visual traceroute programs. They're typically kludgy, buggy, and most of the apps cost money for something that is, in all reality, pointless. Vtrace, however, is at least free. So if you like maps with dots and lines, try this one.

Monitoring & Security
The aforementioned touchmon is an iPhone app for checking the statuses reported by a Nagios server. It doesn't require any modifications to the Nagios server itself. It seems to just scrape the html and interpret the statuses itself, so if you've customized your CGIs, it probably won't work, but it seems pretty handy otherwise.

iStat should be included just for the interface. It's a way to see the stats of a remote machine at a glance, and it's pretty. Unfortunately it also requires installation of a monitoring program, so it's probably not worth it.

If you run network-based security cameras, there's at least a decent chance that they're by Axis. If they are, then you, too, can feel like you're on CSI with the Viewer for Axis Cameras. I don't have any of these, so I don't have this program, but I imagine that it allows you to view as many cameras as you've got. If you hear anything different (or you try it out) let me know!

Aanval, which connects to an Aanval server, which performs snort & syslog IDS.

iCacti Server Monitor is about all I can ask for in a an app, aside from the $4 price tag. It connects to an existing monitoring server, displays graphs clearly and cleanly, and has real value in displaying trends to people in meetings.

Reference & Information Management
The Omnigraffle app is probably going to be the most expensive on this list at $50, but if you make diagrams (and you have a Mac with Omnigraffle), it's absolutely worth it. You can share diagrams and stencils from the full Mac version, and being able to organize your thoughts on the ipad is great. The interface is complex, because there are so many options, and it takes a while to get the hang of it, but the reward is worth the time spent.

Evernote is a great piece of software for organizing those bits of information that you'd otherwise jot down on napkins or spare bits of paper, or whatever you've got with you. Since your computer can't follow you around, the iPhone and iPad are natural extensions of this software. The best part is that your notes are synced everywhere, so if you make a note on your iPad, when you get back to your computer, it's there too. Very handy.

dhcp-options provides on-the-fly reference of all of the dhcp options available, and what they mean.


In the end, if the iPad doesn't fit your work flow, there's no reason to use it, but if you are always looking for better ways to access information, then maybe you should give it a shot. Although it's not the end-all be-all of computing and it certainly won't ever be my primary means of administration, I've found it to be a useful tool, and I have to admit, sometimes I feel like I'm on Star Trek when I'm using a piece of hardware that small and that powerful.

I want to thank everyone who pitched in app suggestions on twitter. I'm sure that I left off some great ones. If I didn't include your favorite app, paste it in the comments below. Thanks!

  • Dan

    Just a small thing - LogMeIn isn't just for Macs, it's mainly used with Windows machines. We use it to manage both Windows servers and client desktops - as well as on a couple of Macs. It can be accessed and used fully from a web browser - LogMeIn Ignition is just a client you can install, and runs on Windows/Mac/Android.

    The main version of it is free, but there's a Pro version as well, that gives you remote printing/sound/file mangement, as well as a remote command shell, service access, event log, registry editor, etc. It's pretty good - you should take a look at it.

  • http://www.mrxinu.com/ Steven Klassen

    Very well written, sir.

  • Ryan Salomon

    Hello all! Matt's Junior Admin here! Just wanted to shine a bright ray into the dark lonely canyon that is SSL VPN access on the iPhone / iPad:

    For our future VPN solution, I've been working with OpenVPN. If you have a jailbroken iDevice (including the iPad), and are running OpenVPN at your company, you're in luck! There's a very nice wrapper around a ported OpenVPN client!

    It's called GuizmOVPN
    NOTE: Make sure to read the instructions there, the package for the app is not in Cydia's main repositories

    Between the app itself and the instructions on the website, just about everything is covered, from getting your keys and config files onto the phone to automatically pushing the right DNS settings).

    It can be used free w/o restrictions for 7 days. After that, use is limited. Essentially the app costs a bit less than 4.99 EUR, so currently that's less than $6.50.

  • Pingback: Tweets that mention System Administration on one of those??? | Standalone Sysadmin -- Topsy.com()

  • http://www.cyclingfocus.com John

    Thanks for the reviews, will give a few a try.

    I'll second LogMeIn Ignition, works very well for Windows and Macs. The GUI for the mouse control functions more intuitively than Wyse PocketClouds Remote Desktop. I use both, LogMeIn is my preferred solution for out of office/home access.

  • http://robertj.wordpress.com/ Robert Juric

    I'd like to point out that I'm able to connect to our corporate Microsoft ISA VPN with my iPad. I've used it to connect to the network and RDP to servers while on the road. The RDP app I use is the Mocha RDP Lite app, which was free and works pretty well for my needs.

    Also I believe Juniper just released the JUNOS Pulse client to the app store, though I'm not sure if its optimized for the iPad.

  • http://www.geekandi.com Mike Horwath

    You can do up some VPN action with the internal stuff to other IPSEC devices.

    Takes a little finagling to get it done but it works, I connect via my iPad to a Fortigate 310C without hiccup or hassle.

  • http://www.jonstill.com/ Jon

    Just a quick comment on the VPN - I have both my iPad and iPhone hooked up to my Cisco (IOS - 877W) router at home using the Cisco IPSEC client built in. Works very nicely indeed! I've also had it hooked up via IPSEC to ASAs at work - it's definitely not just for SSL!

    Great article though - looking forward to trying some of those out...

  • http://www.dingleberry.me Ralph

    Anyone had any luck with Juniper Netscreen VPNS with their iDevices?

  • Mason

    Junos Pulse for iOS 4.1 just went live this morning. It seems to be working fine for me and, with a little work in iPhone Configuration Utility, you can even use certificate-based authentication. Of course this won't work on the iPad until iOS 4.2 (November-ish), but at least it's on the horizon.

  • Ryan

    This is a great article! Saved me tons of time when looking for some decent administration applications.

    Keep this updated, please!

  • http://www.rackaid.com/resources/ jeffatrackaid

    One of the best things I found is when traveling. Since it lays flat, you can easily use it on a plane. I was able to get quite a bit of backend work done on my last flight thanks to gogo internet, linux screen, and the long battery life of the ipad.

  • hugo

    FWIW, this weekend past I managed to get my brother's iPad hooked up to an Astaro firewall VPN using PPTP. It was super simple.

  • http://bitfieldconsulting.com John Arundel

    Nice roundup! Interesting to compare and contrast your choices with my list of iPhone sysadmin apps:

    http://bitfieldconsulting.com/sysadmin-iphone-apps-portable-toolbox

    I suspect both of us would probably agree that you could keep iSSH and throw the rest out...

  • Scott Murphy

    Hi Matt;

    You left out one really useful thing that it does very well - iBooks and all those nice O'Reilly epub books. For anyone who is not aware, if you happen to have the paper version, you can register your copy and buy the epub copy (or other electronic version) for $5.00 and that includes updates to all future versions. I have a very nice tech library on a device that works very well as a reader. It certainly blows my old Sony PRS505 away. It also handles PDF very well.

    One use is being able to read/reference the book on the iPad screen while using your laptop. It's nice to not have to swap windows/virtual desktops.

    Scott

  • Tyler

    Thanks for the links for iCacit and Touchmon, perfect additions to complement a Cacti/Nagios monitoring system!

  • Matt

    Scany is $1 and is just amazing for scanning a network. It provides a great gui and will scan a subnet with pings and portscans and figure out hostnames using a variety of methods, recognize MAC address OUIs automatically, and do ping/traceroute/whois too. It's nothing you can't do with other tools, but the way it presents all the info in one place is just great.